aboutsummaryrefslogtreecommitdiff
path: root/src/modules
diff options
context:
space:
mode:
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp16
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp14
2 files changed, 30 insertions, 0 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 95927ee20..c6237c574 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -49,6 +49,10 @@
// Check if the GnuTLS library is at least version major.minor.patch
#define INSPIRCD_GNUTLS_HAS_VERSION(major, minor, patch) (GNUTLS_VERSION_NUMBER >= ((major << 16) | (minor << 8) | patch))
+#if INSPIRCD_GNUTLS_HAS_VERSION(3, 5, 6)
+# define GNUTLS_AUTO_DH
+#endif
+
#ifdef _WIN32
# pragma comment(lib, "libgnutls-30.lib")
#endif
@@ -137,6 +141,7 @@ namespace GnuTLS
gnutls_digest_algorithm_t get() const { return hash; }
};
+#ifndef GNUTLS_AUTO_DH
class DHParams final
{
gnutls_dh_params_t dh_params;
@@ -163,6 +168,7 @@ namespace GnuTLS
const gnutls_dh_params_t& get() const { return dh_params; }
};
+#endif
class X509Key final
{
@@ -329,9 +335,11 @@ namespace GnuTLS
class CertCredentials
{
+#ifndef GNUTLS_AUTO_DH
/** DH parameters associated with these credentials
*/
std::shared_ptr<DHParams> dh;
+#endif
protected:
gnutls_certificate_credentials_t cred;
@@ -354,6 +362,7 @@ namespace GnuTLS
gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, cred);
}
+#ifndef GNUTLS_AUTO_DH
/** Set the given DH parameters to be used with these credentials
*/
void SetDH(std::shared_ptr<DHParams>& DH)
@@ -361,6 +370,7 @@ namespace GnuTLS
dh = DH;
gnutls_certificate_set_dh_params(cred, dh->get());
}
+#endif
};
class X509Credentials final
@@ -538,7 +548,9 @@ namespace GnuTLS
std::string certstr;
std::string keystr;
+#ifndef GNUTLS_AUTO_DH
std::shared_ptr<DHParams> dh;
+#endif
std::string priostr;
unsigned int mindh;
@@ -551,7 +563,9 @@ namespace GnuTLS
: name(profilename)
, certstr(ReadFile(tag->getString("certfile", "cert.pem", 1)))
, keystr(ReadFile(tag->getString("keyfile", "key.pem", 1)))
+#ifndef GNUTLS_AUTO_DH
, dh(DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem", 1))))
+#endif
, priostr(GetPrioStr(profilename, tag))
, mindh(static_cast<unsigned int>(tag->getUInt("mindhbits", 1024, 0, UINT32_MAX)))
, hashstr(tag->getString("hash", "sha256", 1))
@@ -586,7 +600,9 @@ namespace GnuTLS
, outrecsize(config.outrecsize)
, requestclientcert(config.requestclientcert)
{
+#ifndef GNUTLS_AUTO_DH
x509cred.SetDH(config.dh);
+#endif
x509cred.SetCA(config.ca, config.crl);
}
/** Set up the given session with the settings in this profile
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 35dc0d4f6..9ee81877f 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -52,6 +52,10 @@
# pragma comment(lib, "libeay32.lib")
#endif
+#if OPENSSL_VERSION_NUMBER > 0x30000000L
+# define INSPIRCD_OPENSSL_AUTO_DH
+#endif
+
static bool SelfSigned = false;
static int exdataindex;
static Module* thismod;
@@ -76,6 +80,7 @@ namespace OpenSSL
}
};
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
class DHParams final
{
DH* dh;
@@ -104,6 +109,7 @@ namespace OpenSSL
return dh;
}
};
+#endif
class Context final
{
@@ -142,11 +148,13 @@ namespace OpenSSL
SSL_CTX_free(ctx);
}
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
bool SetDH(DHParams& dh)
{
ERR_clear_error();
return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0);
}
+#endif
#ifndef OPENSSL_NO_ECDH
void SetECDH(const std::string& curvename)
@@ -280,9 +288,11 @@ namespace OpenSSL
*/
const std::string name;
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
/** DH parameters in use
*/
DHParams dh;
+#endif
/** OpenSSL makes us have two contexts, one for servers and one for clients
*/
@@ -351,14 +361,18 @@ namespace OpenSSL
public:
Profile(const std::string& profilename, std::shared_ptr<ConfigTag> tag)
: name(profilename)
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
, dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dhparams.pem", 1)))
+#endif
, ctx(SSL_CTX_new(TLS_server_method()))
, clientctx(SSL_CTX_new(TLS_client_method()))
, allowrenego(tag->getBool("renegotiation")) // Disallow by default
, outrecsize(static_cast<unsigned int>(tag->getUInt("outrecsize", 2048, 512, 16384)))
{
+#ifndef INSPIRCD_OPENSSL_AUTO_DH
if ((!ctx.SetDH(dh)) || (!clientctx.SetDH(dh)))
throw Exception("Couldn't set DH parameters");
+#endif
const std::string hash = tag->getString("hash", "sha256", 1);
digest = EVP_get_digestbyname(hash.c_str());